© 2006 Towers Perrin
Enterprise Risk Management
Why it Really Does Matter
Actuaries Club of the Southwest, Austin, Texas, June 2006
Stewart Citroen
Agenda
What is Enterprise Risk Management (ERM)?
How is ERM implemented
Internal and External Pressures
Success Factors
Overview of Session
Historically, risk was typically managed in silos
ERM – Why It Really Does Matter
Overview of ERM
(Diagram: Financial, Operational, Market, Credit and Business Risks shown as separate silos, each managed by its own specific risk expert.)
ERM provides a consistent framework for looking at risks and their interrelationships across the organization
(Diagram: Business, Market, Credit, Operational and Financial Risks shown together within one ERM framework.)
Historically, risk management meant saying ‘No’ a lot.
Positive vs. Negative Approach to Risk and Capital Management
Negative approach: “No! We need to focus on risk mitigation.”
Positive approach: ERM looks at the strategic, upside opportunities. “How can we gain a competitive advantage?”
Distributed Risk Management vs. Central Risk Oversight
Historically, a specific risk expert managed each risk independently
ERM facilitation: specific roles, responsibilities and structures
ERM Definitions
No single definition
Committee of Sponsoring Organizations (COSO) definition
The American Institute of Certified Public Accountants (AICPA)
The American Accounting Association
The Institute of Internal Auditors
The Institute of Management Accountants
The Financial Executives Institute
Casualty Actuarial Society (CAS) definition
COSO Definition
“ERM is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
CAS Definition
“ERM is the discipline by which an organization in any industry assesses, controls, exploits, finances and monitors risks from all sources for the purpose of increasing the organization’s short and long term value to its stakeholders.”
How ERM is Implemented
Multiple methodologies and frameworks – not a “one size fits all” process
Basic chronology:
Identify
Quantify
Solve
Execute
How ERM is Implemented
Identify
Include all key exposures
Continuous process - not a one-time event
Broad participation – all areas, all levels
Expose risk interdependencies, hidden risks
Risk Classification
4 common risk categories: Hazard, Financial, Operational and Strategic
Risk attributes: sources, events, consequences etc.
How ERM is Implemented
Quantify
Do not need to quantify all risks
Focus on risks that have the biggest influence on ability to achieve strategic goals
Tactical Risks
Known environment
Capabilities and resources on hand to address
Low financial impact
Requires little or no investment to address risk
Strategic Risks
Unknown environment
Not well understood
Not well equipped to address
Significant financial impact
Significant investment needed to address risk
How ERM is Implemented
Quantify
Scenario planning
Identify range and likelihood of outcomes
Risk models
Major challenges:
Lack of data
Unstructured risks
Economic capital
How ERM is Implemented
Solve
Risk appetite and risk tolerance
What risks does the organization want to take?
What risks does the organization not want to take?
Develop action plans for risk profile
4 risk responses:
Accept
Avoid
Transfer
Mitigate
How ERM is Implemented
Execute
Assign responsibilities
Monitor risks
Ongoing, continuous process
Clear and effective communication and reporting to:
Board
Stakeholders
Regulators
Rating agencies
Internal and External Pressures
Regulation
Basel II Accord
Solvency II
Sarbanes-Oxley
NY Stock Exchange Requirements
COSO Framework
Rating Agencies
Evaluating ERM structure and capabilities
Looking at Economic Capital models
Assessing risk models relative to insurers’ risks
Assessing processes that use information from risk models
Economic Capital (EC)
EC is defined as “sufficient surplus to cover potential losses at a given tolerance level”
EC vs. regulatory and rating agency capital
Europe: Solvency II proposals
U.S.: capital and reserving requirements
ERM should drive EC models
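The EC definition above and the earlier Quantify slides (scenario planning as a range and likelihood of outcomes, risk interdependencies hidden by silos) can be made concrete with a small calculation. The following is an added example, not material from the presentation: a constructed scenario table with three risk categories, a 99.5% tolerance level chosen here as an assumption, and EC taken, by convention, as the loss at the tolerance level in excess of the expected loss. Capitalising each silo separately and adding the results is compared with capitalising the enterprise-wide aggregate loss.

```python
"""Economic capital from a scenario table: silo view vs. enterprise view."""
from collections import defaultdict

# Constructed scenarios (not from the presentation): probability in basis
# points (summing to 10_000) and the loss each risk category suffers, in $m.
SCENARIOS = [
    (6000, {"market": 10, "credit": 5, "operational": 2}),    # normal year
    (2500, {"market": 40, "credit": 20, "operational": 2}),   # mild downturn
    (1000, {"market": 120, "credit": 30, "operational": 5}),  # severe market fall
    (400, {"market": 30, "credit": 150, "operational": 5}),   # credit crisis
    (100, {"market": 10, "credit": 5, "operational": 300}),   # operational catastrophe
]
TOTAL_BPS = 10_000


def loss_at_tolerance(outcomes, tolerance_bps):
    """Smallest loss L with P(loss <= L) >= tolerance: a discrete quantile.

    outcomes is a list of (prob_bps, loss). Integer probabilities keep the
    comparison exact; with floats 0.6 + 0.25 + 0.1 + 0.04 need not reach 0.99.
    """
    cumulative = 0
    for prob, loss in sorted(outcomes, key=lambda o: o[1]):
        cumulative += prob
        if cumulative >= tolerance_bps:
            return loss
    raise ValueError("scenario probabilities do not sum to TOTAL_BPS")


def expected_loss(outcomes):
    return sum(prob * loss for prob, loss in outcomes) / TOTAL_BPS


def economic_capital(outcomes, tolerance_bps):
    """Assumed convention: EC = loss at the tolerance level minus expected loss."""
    return max(0.0, loss_at_tolerance(outcomes, tolerance_bps) - expected_loss(outcomes))


def silo_ec(scenarios, tolerance_bps):
    """Each specific risk expert capitalises their own category in isolation."""
    per_category = defaultdict(list)
    for prob, losses in scenarios:
        for category, loss in losses.items():
            per_category[category].append((prob, loss))
    return {c: economic_capital(o, tolerance_bps) for c, o in per_category.items()}


def enterprise_ec(scenarios, tolerance_bps):
    """ERM view: capitalise the aggregate loss, so tail events that do not coincide diversify."""
    aggregate = [(prob, sum(losses.values())) for prob, losses in scenarios]
    return economic_capital(aggregate, tolerance_bps)


if __name__ == "__main__":
    silos = silo_ec(SCENARIOS, 9950)
    print("silo EC:", silos, "summed:", sum(silos.values()))
    print("enterprise EC:", enterprise_ec(SCENARIOS, 9950))
```

With these constructed scenarios the summed silo EC is 518.25 against an enterprise EC of 263.25, because the three tail scenarios never occur in the same year; the silo total is a useful upper bound, but it is the aggregate figure that ERM should drive.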
Internal and External Pressures
Public demanding better risk management and more accountability
Corporate governance
Board wants assurance risk is being managed
Board and senior executives concerned about personal liability
Shareholder demands for:
Financial stability
Improved financial performance
Reputation
News reports and perceptions
Success Factors
Support and involvement of board members and senior management
Sufficient resources
Assigned accountability
Risk-aware culture
Clarity and common understanding of ERM
Training and education
Ongoing, continuous behavior